Today I wanted to delete my old, disabled user accounts in Active Directory. On a few user objects this error message popped up: “You do not have sufficient privileges to delete CN=Ipad or CN=Iphone”.

I will now show you how to get the privileges needed to delete the object CN=IPAD or CN=IPhone.

As you may already know, it's a permission issue on the object.

1.) Open ADSI Edit on the server that runs Active Directory.

2.) Navigate to your user account and, below it, to CN=ExchangeActiveSyncDevices.

3.) Right-click CN=ExchangeActiveSyncDevices -> click Properties -> open Advanced Security Settings. There, change the Owner to your admin account and click OK until all windows are closed except ADSI Edit.

5.) Now we need to do the same for CN=IPAD. In ADSI Edit, right-click CN=IPAD$Appl… -> click Properties -> open Advanced Security Settings. There, change the Owner to your admin account and click OK until all windows are closed except ADSI Edit.

6.) Now change the permissions on the IPAD CN: CN=IPAD$Appl -> click Properties -> in the Security tab, add your Domain Admin account and press OK.

7.) That's it. You can now close ADSI Edit, head to Active Directory, and delete your AD object successfully.
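The same steps can be scripted when many accounts are affected. The following PowerShell is an added example, not part of the original walkthrough; it assumes the RSAT ActiveDirectory module, a session running as the admin account, and the placeholder names `jdoe` and `CONTOSO\adminaccount`.

```powershell
# Added example: scripted version of the ADSI Edit steps above.
Import-Module ActiveDirectory

$userSam  = 'jdoe'                  # placeholder: the disabled account to delete
$adminSam = 'CONTOSO\adminaccount'  # placeholder: the admin account that becomes owner

$admin = New-Object System.Security.Principal.NTAccount($adminSam)
$user  = Get-ADUser -Identity $userSam

# Step 2: find CN=ExchangeActiveSyncDevices directly below the user object
$container = Get-ADObject -SearchBase $user.DistinguishedName -SearchScope OneLevel `
    -Filter "Name -eq 'ExchangeActiveSyncDevices'"
if (-not $container) {
    throw "No ExchangeActiveSyncDevices container under $($user.DistinguishedName)"
}

# Device objects (CN=IPAD..., CN=IPhone...) stored inside the container
$devices = @(Get-ADObject -SearchBase $container.DistinguishedName -SearchScope OneLevel -Filter *)

# Steps 3 and 5: change the owner on the container and on every device object
foreach ($obj in @($container) + $devices) {
    $path = "AD:\$($obj.DistinguishedName)"
    $acl  = Get-Acl -Path $path
    $acl.SetOwner($admin)
    Set-Acl -Path $path -AclObject $acl
    Write-Host "Owner changed: $($obj.DistinguishedName)"
}

# Step 6: add the admin account with Full Control on each device object
foreach ($dev in $devices) {
    $path = "AD:\$($dev.DistinguishedName)"
    $acl  = Get-Acl -Path $path   # re-read so the new owner is kept
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $admin,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
    Write-Host "Full Control granted: $($dev.DistinguishedName)"
}

# Step 7: preview the delete of the user and its child objects.
# Remove -WhatIf once the listed objects are the ones you expect.
Remove-ADObject -Identity $user.DistinguishedName -Recursive -WhatIf
```

Owner and ACL changes on directory objects show up in the Security log when Directory Service Changes auditing is enabled, so the cleanup remains traceable.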